authorDave Henderson <dhenderson@gmail.com>2020-11-22 16:50:29 -0500
committerGitHub <noreply@github.com>2020-11-22 14:50:29 -0700
commitbd17eb205d6ac464c64eb888a6f4b57445b6c59c (patch)
tree5ba6a1284b72f9f3ac5323a0f1fc14795a4b40f8 /modules/caddytls/internalissuer.go
parent1e480b818b56b5c46b88d59f54e0b5e54e7758f8 (diff)
ci: Use golangci's github action for linting (#3794)
* ci: Use golangci's github action for linting Signed-off-by: Dave Henderson <dhenderson@gmail.com> * Fix most of the staticcheck lint errors Signed-off-by: Dave Henderson <dhenderson@gmail.com> * Fix the prealloc lint errors Signed-off-by: Dave Henderson <dhenderson@gmail.com> * Fix the misspell lint errors Signed-off-by: Dave Henderson <dhenderson@gmail.com> * Fix the varcheck lint errors Signed-off-by: Dave Henderson <dhenderson@gmail.com> * Fix the errcheck lint errors Signed-off-by: Dave Henderson <dhenderson@gmail.com> * Fix the bodyclose lint errors Signed-off-by: Dave Henderson <dhenderson@gmail.com> * Fix the deadcode lint errors Signed-off-by: Dave Henderson <dhenderson@gmail.com> * Fix the unused lint errors Signed-off-by: Dave Henderson <dhenderson@gmail.com> * Fix the gosec lint errors Signed-off-by: Dave Henderson <dhenderson@gmail.com> * Fix the gosimple lint errors Signed-off-by: Dave Henderson <dhenderson@gmail.com> * Fix the ineffassign lint errors Signed-off-by: Dave Henderson <dhenderson@gmail.com> * Fix the staticcheck lint errors Signed-off-by: Dave Henderson <dhenderson@gmail.com> * Revert the misspell change, use a neutral English Signed-off-by: Dave Henderson <dhenderson@gmail.com> * Remove broken golangci-lint CI job Signed-off-by: Dave Henderson <dhenderson@gmail.com> * Re-add errantly-removed weakrand initialization Signed-off-by: Dave Henderson <dhenderson@gmail.com> * don't break the loop and return * Removing extra handling for null rootKey * unignore RegisterModule/RegisterAdapter Co-authored-by: Mohammed Al Sahaf <msaa1990@gmail.com> * single-line log message Co-authored-by: Matt Holt <mholt@users.noreply.github.com> * Fix lint after a1808b0dbf209c615e438a496d257ce5e3acdce2 was merged Signed-off-by: Dave Henderson <dhenderson@gmail.com> * Revert ticker change, ignore it instead Signed-off-by: Dave Henderson <dhenderson@gmail.com> * Ignore some of the write errors Signed-off-by: Dave Henderson <dhenderson@gmail.com> * Remove blank 
line Signed-off-by: Dave Henderson <dhenderson@gmail.com> * Use lifetime Signed-off-by: Dave Henderson <dhenderson@gmail.com> * close immediately Co-authored-by: Matt Holt <mholt@users.noreply.github.com> * Preallocate configVals Signed-off-by: Dave Henderson <dhenderson@gmail.com> * Update modules/caddytls/distributedstek/distributedstek.go Co-authored-by: Mohammed Al Sahaf <msaa1990@gmail.com> Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
Diffstat (limited to 'modules/caddytls/internalissuer.go')
-rw-r--r--modules/caddytls/internalissuer.go16
1 files changed, 12 insertions, 4 deletions
diff --git a/modules/caddytls/internalissuer.go b/modules/caddytls/internalissuer.go
index 6f228ea..416369f 100644
--- a/modules/caddytls/internalissuer.go
+++ b/modules/caddytls/internalissuer.go
@@ -27,6 +27,7 @@ import (
"github.com/caddyserver/caddy/v2/modules/caddypki"
"github.com/caddyserver/certmagic"
"github.com/smallstep/certificates/authority/provisioner"
+ "go.uber.org/zap"
)
func init() {
@@ -51,7 +52,8 @@ type InternalIssuer struct {
// validate certificate chains.
SignWithRoot bool `json:"sign_with_root,omitempty"`
- ca *caddypki.CA
+ ca *caddypki.CA
+ logger *zap.Logger
}
// CaddyModule returns the Caddy module information.
@@ -64,6 +66,8 @@ func (InternalIssuer) CaddyModule() caddy.ModuleInfo {
// Provision sets up the issuer.
func (iss *InternalIssuer) Provision(ctx caddy.Context) error {
+ iss.logger = ctx.Logger(iss)
+
// get a reference to the configured CA
appModule, err := ctx.App("pki")
if err != nil {
@@ -115,11 +119,15 @@ func (iss InternalIssuer) Issue(ctx context.Context, csr *x509.CertificateReques
// ensure issued certificate does not expire later than its issuer
lifetime := time.Duration(iss.Lifetime)
if time.Now().Add(lifetime).After(issuerCert.NotAfter) {
- // TODO: log this
- lifetime = issuerCert.NotAfter.Sub(time.Now())
+ lifetime = time.Until(issuerCert.NotAfter)
+ iss.logger.Warn("cert lifetime would exceed issuer NotAfter, clamping lifetime",
+ zap.Duration("orig_lifetime", time.Duration(iss.Lifetime)),
+ zap.Duration("lifetime", lifetime),
+ zap.Time("not_after", issuerCert.NotAfter),
+ )
}
- certChain, err := auth.Sign(csr, provisioner.SignOptions{}, customCertLifetime(iss.Lifetime))
+ certChain, err := auth.Sign(csr, provisioner.SignOptions{}, customCertLifetime(caddy.Duration(lifetime)))
if err != nil {
return nil, err
}
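Review bot: The clamp in Issue has no lower bound: if `issuerCert.NotAfter` is already in the past, `time.Until(issuerCert.NotAfter)` is negative, and that value now flows through `customCertLifetime` into `auth.Sign`. How the signer treats a non-positive lifetime is not visible in this hunk, so it would be safer to fail closed right after the clamp, e.g. `if lifetime <= 0 { return nil, fmt.Errorf("issuer certificate expired at %s", issuerCert.NotAfter) }` (assuming `fmt` is imported in this file). Separately, `iss.logger` is only assigned in Provision, so an InternalIssuer used without provisioning (a unit test, for instance) would presumably hit a nil logger on the `Warn` call; a nil check or a `zap.NewNop()` fallback would avoid that. Issue's body starts before and continues after this hunk.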